Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cfssl: Add patch for stripping authkey whitespaces #45226

Merged
merged 1 commit into from Aug 17, 2018
Merged

cfssl: Add patch for stripping authkey whitespaces #45226

merged 1 commit into from Aug 17, 2018

Conversation

johanot
Copy link
Contributor

@johanot johanot commented Aug 17, 2018

Motivation for this change

cfssl fails to read authkey from file, if the file contains whitespaces of any kind.
Having at least a terminating line feed is normally the case for most plain text files.

See: cloudflare/cfssl#923

The fix is already merged into cfssl master. Adding a patch for the nix pkgs, which can be removed at next cfssl release.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
    tests.cfssl
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@srhb
Copy link
Contributor

srhb commented Aug 17, 2018

I'd prefer using fetchpatch to grab https://github.com/cloudflare/cfssl/commit/19f5e98263fba05af65c56fd88fce18b958728a7.patch rather than inlining it. :)

@srhb
Copy link
Contributor

srhb commented Aug 17, 2018

(And a small comment describing its purpose would also be nice)

Mic92
Mic92 reviewed Aug 17, 2018
View reviewed changes
pkgs/tools/security/cfssl/default.nix Outdated
@@ -13,6 +13,10 @@ buildGoPackage rec {
sha256 = "0j2gz2vl2pf7ir7sc7jrwmjnr67hk4qhxw09cjx132jbk337jc9x";
};

# https://github.com/cloudflare/cfssl/pull/923 is merged
# remove this patch when it becomes part of a release.
patches = [ ./authkey-whitespace-trim.patch ];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you use fetchpatch with https://github.com/cloudflare/cfssl/commit/7e13f60773c96644db9dd8d342d42fe3a4d26f36.patch ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh. my review was too late.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite, you used the right commit hash. ;)

@johanot
Copy link
Contributor Author

johanot commented Aug 17, 2018

@srhb @Mic92 Done, 8548854

@srhb
Copy link
Contributor

srhb commented Aug 17, 2018

@GrahamcOfBorg build cfssl

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: cfssl

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: cfssl

Partial log (click to expand)

shrinking /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin/bin/cfssl
shrinking /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin/bin/maclient
shrinking /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin/bin/cfssl-scan
shrinking /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin/bin/cfssljson
strip is /nix/store/gpc2wld1s0c6qzx9326cwn1wcx29xzsj-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin/bin
patching script interpreter paths in /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin
checking for references to /build in /nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin...
strip is /nix/store/gpc2wld1s0c6qzx9326cwn1wcx29xzsj-binutils-2.30/bin/strip
/nix/store/j1022gd9c942lkyrhram8pm0cscwinjb-cfssl-1.3.2-bin

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: cfssl

Partial log (click to expand)

shrinking /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin/bin/cfssl-certinfo
shrinking /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin/bin/maclient
shrinking /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin/bin/mkbundle
shrinking /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin/bin/cfssl-scan
strip is /nix/store/ah0va6j4cnwj9nx4j6rwcfc8nh785jwm-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin/bin
patching script interpreter paths in /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin
checking for references to /build in /nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin...
strip is /nix/store/ah0va6j4cnwj9nx4j6rwcfc8nh785jwm-binutils-2.30/bin/strip
/nix/store/f4dvfqymdbwl66z6qiqch623an84fw4n-cfssl-1.3.2-bin

@srhb srhb merged commit dde49a8 into NixOS:master Aug 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

@srhb srhb srhb left review comments

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@johanot @srhb @GrahamcOfBorg @Mic92